-
Bug
-
Resolution: Done-Errata
-
Blocker
-
quay-v3.13.0
Description
When install quay operator on openshift with FIPS enabled, operator upgrade will fail to managed clair postgres migration
Reproduced Steps
- Install quay operator 3.12 on an openshift cluster with FIPS enabled
- Create quayregistry with managed component clair and clair postgres
- Upgrade to quay operator 3.13
Actual Results
Upgrade cannot complete and clair postgres upgrade pod keeps crash
$ oc get po -w NAME READY STATUS RESTARTS AGE registry-clair-postgres-old-798cc488fc-5g9x2 1/1 Running 0 2m40s registry-clair-postgres-upgrade-ssztt 0/1 CrashLoopBackOff 4 (48s ago) 2m41s
Additional Info
clair postgres upgrade pod logs:
The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locale "en_US.utf8". The default database encoding has accordingly been set to "UTF8". The default text search configuration will be set to "english". Data page checksums are disabled. fixing permissions on existing directory /var/lib/pgsql/data/userdata ... ok creating subdirectories ... ok selecting dynamic shared memory implementation ... posix selecting default max_connections ... 100 selecting default shared_buffers ... 128MB selecting default time zone ... Etc/UTC creating configuration files ... ok running bootstrap script ... ok performing post-bootstrap initialization ... ok syncing data to disk ... ok Success. You can now start the database server using: pg_ctl -D /var/lib/pgsql/data/userdata -l logfile start initdb: warning: enabling "trust" authentication for local connections initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb. waiting for server to start....2024-10-29 10:22:38.580 GMT [36] LOG: redirecting log output to logging collector process 2024-10-29 10:22:38.580 GMT [36] HINT: Future log output will appear in directory "log". done server started /var/run/postgresql:5432 - accepting connections pg_dumpall: error: connection to server at "registry312-clair-postgres-old" (172.30.250.145), port 5432 failed: could not encrypt password: disabled for FIPS fe_sendauth: error sending password authentication postgres migration command failed, cleaning up...
- links to
-
RHBA-2024:142414 Red Hat Quay v3.13.1 bug fix release
- mentioned on